Windows Clients cannot access the internet, very strange unexpected DNS problem.

IrixOS

@johnpoz I think we are iiiiiiiiiiiiiiiiiiiiiiiiiiin yipppieeeeeeee

bmeeks

@IrixOS said in Windows Clients cannot access the internet, very strange unexpected DNS problem.:

Dit you remember the thread about the lagg0 port, you said something about choose an other free port, well I configured the lagg0 port with a vpn tunnel on the wan,

No, I don't recall a thread about a lagg0 port, but I get involved in quite a few conversations on here and tend to get them confused sometimes .

I would do this on the Windows client --

1. Configure the DNS server to be 8.8.8.8 in the TCP/IP settings in Windows. That will take pfSense completely out of the picture for DNS.
2. Now try to ping something by name (www.bing.com or google.com, for instance). Does that work? If yes, then you know the client has Internet access and you can concentrate on why DNS on pfSense is failing or not working.
3. If steps #1 and #2 fail, then try a simple ping to 8.8.8.8 from the Windows client. That drops DNS out of the loop and directly tries to ping the Google DNS server. If that fails, then you still have a basic connectivity problem you need to work out.

IrixOS

@johnpoz Poor lord , it didn't expect it to work, yes indeed it became a square after the reboot of windows and pfsense.
I thinkt it was the NAT rule and changed it to automatic like you mentioned.

IrixOS

@bmeeks It's working, the only thing i changed was from outbound to automatic, done a reboot of windows and then things started to pop up,...

Many thanks to you, and God bless America, from Belgium,..

Clever guys you Americans.

bmeeks

@IrixOS said in Windows Clients cannot access the internet, very strange unexpected DNS problem.:

I thinkt it was the NAT rule and changed it to automatic like you mentioned.

That NAT rule was definitely suspect! Not sure why a handbook for the DSL modem would suggest that UNLESS the instructions were simply how to access an internal web GUI on the modem itself. But those instructions would not apply to general Internet access.

johnpoz

@bmeeks said in Windows Clients cannot access the internet, very strange unexpected DNS problem.:

tend to get them confused sometimes

We can both be members of that club as well.. The old farts club, and sometime confuse threads club.. Maybe getting old and confusing threads go hand in hand? ;)

IrixOS

@bmeeks I don't know where I got it from that MODEM config think, I think the handbook, not sure

bmeeks

@johnpoz said in Windows Clients cannot access the internet, very strange unexpected DNS problem.:

@bmeeks said in Windows Clients cannot access the internet, very strange unexpected DNS problem.:

tend to get them confused sometimes

We can both be members of that club as well.. The old farts club, and sometime confuse threads club.. Maybe getting old and confusing threads go hand in hand? ;)

I resemble both of those remarks !

bmeeks

@IrixOS said in Windows Clients cannot access the internet, very strange unexpected DNS problem.:

@bmeeks I don't know where I got it from that MODEM config think, I think the handbook, not sure

That particular NAT may have been to allow access from the LAN side of pfSense to a web GUI inside the modem that has a private RFC1918 address. That would possibly explain the 172.16.0.x destination address. But to get to the Internet, the destination has to be * (which means "any").

IrixOS

@bmeeks Of course, that was it, it was meant to access the modem.

bmeeks

@IrixOS said in Windows Clients cannot access the internet, very strange unexpected DNS problem.:

@bmeeks Of course, that was it, it was meant to access the modem.

I think you understand, but just to be sure and to help someone else who stumbles across this thread in the future --

That NAT rule was to allow you to open something directly on the modem itself. Typically this is some type of configuration program either via an internal web server or maybe Telnet. So, if the modem had the IP 172.16.0.1 as its LAN port address, then from a client on the LAN side of pfSense you could open a connection to that IP and the NAT rule from the handbook would have translated that traffic to the modem's address. But that rule only works for talking to the modem's OS. It is not sufficient to send traffic from the pfSense LAN side out to the Internet.

You don't need to access the modem in order to send traffic to the Internet. When in bridged mode everything that comes in on the modem's LAN port is sent straight out the modem's WAN port without any change -- and vice-versa for WAN to LAN traffic on the modem. That is the definition of "bridged".

As for NAT rules on pfSense, you need a NAT rule that accepts traffic from whatever networks are behind pfSense and translates them to the pfSense WAN address. The "destination" for this NAT rule should be "any" because that covers the range of possible Internet destinations.

IrixOS

@bmeeks said in Windows Clients cannot access the internet, very strange unexpected DNS problem.:

Reply Quote 0

Yes, you are completely correct, I was confused, and yes classically the modem is accessed via webbrowser, now I get the concept of bridge modus better.
My sincere thank you!

bmeeks

@IrixOS said in Windows Clients cannot access the internet, very strange unexpected DNS problem.:

@bmeeks said in Windows Clients cannot access the internet, very strange unexpected DNS problem.:

Reply Quote 0

Yes, you are completely correct, I was confused, and yes classically the modem is accessed via webbrowser, now I get the concept of bridge modus better.
My sincere thank you!

Glad it's all working now. Must be quite late for you in Belgium! Go to bed now and celebrate success tomorrow.

IrixOS

@bmeeks HAHA, yesterday I couldn't wait for you guys to answer the thread, it's 00:05 here right know.

bmeeks

@IrixOS said in Windows Clients cannot access the internet, very strange unexpected DNS problem.:

@bmeeks HAHA, yesterday I couldn't wait for you guys to answer the thread, it's 00:05 here right know.

I'm six hours behind you. 6:07 PM here now (I'm on US Eastern Time).

IrixOS

@johnpoz Hey Jhonpoz, thank your for the time you put in my thread and the commitment (fast replies) Chapeau!

johnpoz

@IrixOS your more than welcome - glad you got it sorted.

IrixOS

@johnpoz Hmm JohnPoz, you are never gonna believe this. DNS lost its grip, yesterday and the day before. Rebooted twice.
The bottom right task square turned into the world icon. Couldn't connect to any webpage, DNS server unavailable, don't know what caused it. Didn't do troubleshoot either.

I don't mind rebooting the firewall once in a while, but if the website comes online with other future stuff, then I'm beginning to worry...

johnpoz

@IrixOS you should never have to reboot the firewalll, unless your updating it to be honest..

My pfsense has been up 82 Days 14 Hours 23 Minutes 31 Seconds, and I even had a power outage - but it wasn't long enough that my ups couldn't cover it.

Pfsense rebooted when I updated to 23.09.1, which came out 85 days ago, so I was a couple days behind when it dropped ;) when I got around to doing the update..

If you have an issue with anything - the last thing I would do is reboot pfsense, after you have gathered info and not able to recover by any other means.. If you just rebooted and it then works you have no clue to what was the actual cause.. A reboot of pfsense should be your last thing you do, or if you can not access it at all - not via gui, not via ssh, and also console.. You want info of what is going on before you just reboot something..

IrixOS

@johnpoz

Well I totally agree with that.

The firewall seems to be unresponsive. Didn't touch anything since the last time we have been troubleshooting.

I don't expect you to go through all the troubleshooting again . The dns server doesn't query.

Frankly I don't know what to think about it right now. It shouldn't behave like that.